# PCI Compliance

Payment Card Industry Data Security Standard (PCI DSS) compliance ensures that sensitive cardholder data is securely processed, stored, and transmitted.

Juspay Hyperswitch Cloud provides out-of-the-box PCI DSS Level 1 compliance, the highest level of certification, so you can handle payments securely without having to manage card storage or compliance complexities yourself.

## Key Features of PCI Compliance on Hyperswitch Cloud

**PCI DSS Level 1 Certification:** Hyperswitch is validated as a **PCI DSS v4.0 Level 1 Service Provider**, the highest level of PCI certification for service providers. This ensures robust security controls for storing, processing, and transmitting cardholder data.

**Annual Audits:** Hyperswitch undergoes an annual PCI DSS audit performed by an independent Qualified Security Assessor (QSA). In addition, quarterly vulnerability scans are conducted by a PCI-approved scanning vendor (ASV), as required by PCI DSS.

**Tokenization for Secure Card Handling:** Hyperswitch tokenizes and stores customer card details in its cloud vault, reducing the need for merchants to store sensitive data.

## Enabling Raw Card Acceptance with Payment Processors

To process raw card data securely through Hyperswitch:

### Processor Configuration:

Many payment processors disable raw card acceptance by default. To enable it:

* Share Hyperswitch's PCI Attestation of Compliance (AOC) with your processor's support team.
* Ask them to enable raw card processing for your merchant account.

### Stripe Integration Update:

* Stripe no longer allows raw card acceptance via its Merchant Dashboard.
* If required, share Hyperswitch's PCI DSS Attestation of Compliance (AOC) with Stripe support.

### Accessing the PCI AOC Document:

* A redacted version of Hyperswitch's PCI DSS Attestation of Compliance (AOC) is available to Cloud users under NDA. It can be downloaded from the Compliance section in the Dashboard.
* Alternatively, email **<support.global@juspay.io>** for assistance.

## Why Choose Hyperswitch for PCI Compliance?

* Simplified compliance management with automatic tokenization and secure storage.
* Global security standards maintained across all integrations.
* Reduced complexity and liability for merchants in handling sensitive card data.
